When the CLIENT_NO_SCHEMA client capability flag is set, GRANT commands remove the explicitly given database name and replace it to the current database.
Normally it can be reproduced when an ODBC DSN has the NO_SCHEMA=1 parameter, but it can also be reproduced using a command line with debugger.
Set a break point inside prepare_new_connection_state() in your debugger, e.g.:
Continue the server execution in the debugger.
Start a new command line client as a super-user. When the execution reaches the breakpoint, add the CLIENT_NO_SCHEMA bit into thd->client_capabilities, e.g.:
and continue the execution.
Run the following script in the client:
The output is:
It looks wrong. The GRANT command was supposed to add the privilege on the table test.user, but it added the privilege on the table mysql.user instead, where mysql is the current database.